[hunchentoot-devel] Chained SSL-certificates support

Steffen Schulz pepe_ml at gmx.net
Wed Sep 1 15:25:40 UTC 2010


Hi,


I had a similar problem some time ago but no time to investigate.

I think the chain cert must be provided at a separate place in the SSL
handshake. There's a special openssl function and it seems to be
exported in cl+ssl:

| CL+SSL:USE-CERTIFICATE-CHAIN-FILE (certificate-chain-file)
| 
| Loads a PEM encoded certificate chain file certificate-chain-file and
| adds the chain to global context. The certificates must be sorted
| starting with the subject's certificate (actual client or server
| certificate), followed by intermediate CA certificates if applicable,
| and ending at the highest level (root) CA.


So it's probably not very hard. There was also a patch available
somewhere online but it didn't work for me back then.



HTH,
Steffen



